PT-2024-21567 · Linux+9 · Linux Kernel+9

Published

2024-01-26

·

Updated

2025-09-29

·

CVE-2024-26897

CVSS v3.1

4.7

Medium

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the wifi: ath9k driver in the Linux kernel. The ath9k wmi event tasklet() function used in ath9k htc assumes that all data structures have been fully initialized by the time it runs. However, due to the order of initialization, this is not guaranteed, as the device is exposed to the USB subsystem before the ath9k driver initialization is completed. A partial fix was committed in 8b3046abc99e to fix a NULL pointer dereference, but it only aborted the WMI TXSTATUS EVENTID command in the event tasklet. The existing synchronization bit has been moved to cover the whole tasklet.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

ALSA-2024:3618
ALSA-2024:3627
ALSA-2024:5363
ALSA-2025_16880
BDU:2026-01440
CESA-2024_3618
CESA-2024_3627
CVE-2024-26897
DLA-3842-1
DSA-5681-1
INFSA-2024_3618
INFSA-2024_3627
INFSA-2024_5363
OESA-2024-1617
OESA-2024-1618
OESA-2024-1622
OPENSUSE-SU-2024_1644-1
OPENSUSE-SU-2024_1659-1
OPENSUSE-SU-2024_1663-1
RHSA-2024:3618
RHSA-2024:3627
RHSA-2024:5363
RHSA-2024:5364
RHSA-2024:5365
RHSA-2024_3618
RHSA-2024_3627
RHSA-2024_5363
RLSA-2024:3618
RLSA-2024:3627
RLSA-2024:5363
SUSE-SU-2024:1644-1
SUSE-SU-2024:1659-1
SUSE-SU-2024:1663-1
SUSE-SU-2025:20028-1
USN-6816-1
USN-6817-1
USN-6817-2
USN-6817-3
USN-6820-1
USN-6820-2
USN-6821-1
USN-6821-2
USN-6821-3
USN-6821-4
USN-6828-1
USN-6871-1
USN-6878-1
USN-6892-1
USN-6919-1

Affected Products

Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu